Research finds open-source software is actually more secure for health care IT

Mar 08, 2011

Globally the sale of health care information systems is a multibillion dollar industry. The vast costs, frequent failed systems, and inability of systems to talk to each other regularly attract media comment. However policy makers still shy away from a class of software, Open Source, that could address many of these problems, because of worries about the safety and security of Open Source systems. Now new research by the University of Warwick's Institute for Digital Healthcare, and the Centre for Health Informatics and Multiprofessional Education at UCL Medical School, finds that Open Source software may actually be more secure than its often more expensive alternatives.

Dr Carl Reynolds of UCL's Centre for Health Informatics and Multiprofessional Education said:

"Software bought or otherwise distributed under a licence which require it to come bundled with the source code and the right to freely edit, reuse, and share it is called free or . Such a licensing arrangement leaves the buyer in a very strong position when compared with the usual proprietary licences. The buyer is less prone to lock-in, where a buyer loses the ability to switch software products because of the use of proprietary data formats or restrictive licensing conditions. When the buyer chooses an open or free licence he or she can take the code to a rival code developer if they offer a better deal. If the code is in the , and the user and programmer community are engaged, then the buyer can profit from more people inspecting and fixing the code leading to higher quality source code and in turn software."

Professor Jeremy Wyatt of the University of Warwick's Institute for Digital Healthcare said:

"Critics of Open Source often argue that, because the code is public, an attacker can more easily find and exploit vulnerabilities. But our work at the University of Warwick and UCL shows that the evidence does not bear this out and in fact Open Source Software (OSS) may be more secure than other systems.

"Proprietary systems often rely on a 'security through obscurity' argument, ie that systems that hide their inner workings from potential attackers are more secure. However through obscurity alone completely fails when code is disclosed or otherwise discovered using tools such as debuggers or dissemblers. Worse, it has been suggested that the cloak of obscurity tends to encourage poor-quality code. Opening the source allows independent assessment of the security of a system, makes bug patching easier and more likely, and forces developers to spend more effort on the quality of their code."

The researchers also refute the argument that using Open Source Software (OSS) is inherently riskier because one automatically becomes liable for any failings of the software. They say that "typically a large organization will pay a contractor for an OSS implementation and support package. Many contractors providing OSS implementation and support offer legal indemnity to clients in exactly the same way as proprietary vendors."

Explore further: Microsoft expands ad-free Bing search for schools

More information: The researchers' paper entitled "Open Source, Open Standards, and Health Care Information Systems" by: Dr Carl J Reynolds, Centre for Health Informatics and Multiprofessional Education, UCL Medical School and Professor Jeremy Wyatt of the University of Warwick's Institute for Digital Healthcare, has just been published in the Journal of Medical Internet Research at www.jmir.org/2011/1/e24/

add to favorites email to friend print save as pdf

Related Stories

Code breakthrough delivers safer computing

Sep 25, 2009

(PhysOrg.com) -- Computer researchers at UNSW and NICTA have achieved a breakthrough in software which will deliver significant increases in security and reliability and has the potential to be a major commercialisation success.

In Brief: Microsoft launches CodePlex

Jun 27, 2006

Microsoft Tuesday launched CodePlex, an online collaborative software development portal that is also a vehicle for sharing source code, it said.

TomTom to pay Microsoft to end patent fight

Mar 30, 2009

(AP) -- Microsoft Corp., the world's largest software maker, on Monday said it settled a patent dispute over car navigation technology with TomTom NV for an undisclosed amount.

Recommended for you

Microsoft expands ad-free Bing search for schools

12 hours ago

Microsoft is expanding a program that gives schools the ability to prevent ads from appearing in search results when they use its Bing search engine. The program, launched in a pilot program earlier this year, is now available ...

Growing app industry has developers racing to keep up

Apr 20, 2014

Smartphone application developers say they are challenged by the glut of apps as well as the need to update their software to keep up with evolving phone technology, making creative pricing strategies essential to finding ...

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 0

More news stories

Is nuclear power the only way to avoid geoengineering?

"I think one can argue that if we were to follow a strong nuclear energy pathway—as well as doing everything else that we can—then we can solve the climate problem without doing geoengineering." So says Tom Wigley, one ...

Cyber buddy is better than 'no buddy'

A Michigan State University researcher is looking to give exercise enthusiasts the extra nudge they need during a workout, and her latest research shows that a cyber buddy can help.